/*
- silcske.c
+ silcske.c
Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 2000 - 2001 Pekka Riikonen
+ Copyright (C) 2002 - 2002 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
+ the Free Software Foundation; version 2 of the License.
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#include "silcske.h"
#include "groups_internal.h"
+/* Static functions */
+static SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcMPInt *n,
+ SilcUInt32 len,
+ SilcMPInt *rnd);
+static SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
+ unsigned char *return_hash,
+ SilcUInt32 *return_hash_len,
+ int initiator);
+
/* Structure to hold all SKE callbacks. */
struct SilcSKECallbacksStruct {
SilcSKESendPacketCb send_packet;
/* Allocates new SKE object. */
-SilcSKE silc_ske_alloc()
+SilcSKE silc_ske_alloc(SilcRng rng, void *context)
{
SilcSKE ske;
ske = silc_calloc(1, sizeof(*ske));
ske->status = SILC_SKE_STATUS_OK;
+ ske->rng = rng;
+ ske->user_data = context;
ske->users = 1;
return ske;
SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
SilcPublicKey public_key,
- SilcPrivateKey private_key)
+ SilcPrivateKey private_key,
+ SilcSKEPKType pk_type)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcBuffer payload_buf;
SilcMPInt *x;
SilcSKEKEPayload *payload;
- uint32 pk_len;
+ SilcUInt32 pk_len;
SILC_LOG_DEBUG(("Start"));
}
payload->pk_len = pk_len;
}
- payload->pk_type = SILC_SKE_PK_TYPE_SILC;
+ payload->pk_type = pk_type;
/* Compute signature data if we are doing mutual authentication */
if (private_key && ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL) {
unsigned char hash[32], sign[1024];
- uint32 hash_len, sign_len;
+ SilcUInt32 hash_len, sign_len;
SILC_LOG_DEBUG(("We are doing mutual authentication"));
SILC_LOG_DEBUG(("Computing HASH_i value"));
{
SilcSKEKEPayload *payload;
unsigned char hash[32];
- uint32 hash_len;
+ SilcUInt32 hash_len;
SilcPublicKey public_key = NULL;
/* If the SKE was freed during the async call then free it really now,
public key, f, and signature. This function verifies the public key,
computes the secret shared key and verifies the signature.
- The `callback' will be called to indicate that the caller may
+ The `proto_continue' will be called to indicate that the caller may
continue with the SKE protocol. The caller must not continue
before the SKE libary has called that callback. If this function
returns an error the callback will not be called. It is called
SilcSKEStatus silc_ske_responder_start(SilcSKE ske, SilcRng rng,
SilcSocketConnection sock,
- char *version,
+ const char *version,
SilcBuffer start_payload,
- bool mutual_auth)
+ SilcSKESecurityPropertyFlag flags)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcSKEStartPayload *remote_payload = NULL, *payload = NULL;
ske->start_payload_copy = silc_buffer_copy(start_payload);
/* Force the mutual authentication flag if we want to do it. */
- if (mutual_auth) {
+ if (flags & SILC_SKE_SP_FLAG_MUTUAL) {
SILC_LOG_DEBUG(("Force mutual authentication"));
remote_payload->flags |= SILC_SKE_SP_FLAG_MUTUAL;
}
+ /* Force PFS flag if we require it */
+ if (flags & SILC_SKE_SP_FLAG_PFS) {
+ SILC_LOG_DEBUG(("Force PFS"));
+ remote_payload->flags |= SILC_SKE_SP_FLAG_PFS;
+ }
+
/* Parse and select the security properties from the payload */
payload = silc_calloc(1, sizeof(*payload));
status = silc_ske_select_security_properties(ske, version,
/* The selected security properties from the initiator payload is now
encoded into Key Exchange Start Payload and sent to the initiator. */
-SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske,
- SilcSKEStartPayload *start_payload)
+SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcBuffer payload_buf;
/* Allocate security properties from the payload. These are allocated
only for this negotiation and will be free'd after KE is over. */
ske->prop = prop = silc_calloc(1, sizeof(*prop));
- prop->flags = start_payload->flags;
- status = silc_ske_group_get_by_name(start_payload->ke_grp_list, &group);
+ prop->flags = ske->start_payload->flags;
+ status = silc_ske_group_get_by_name(ske->start_payload->ke_grp_list, &group);
if (status != SILC_SKE_STATUS_OK)
goto err;
prop->group = group;
- if (silc_pkcs_alloc(start_payload->pkcs_alg_list,
+ if (silc_pkcs_alloc(ske->start_payload->pkcs_alg_list,
&prop->pkcs) == FALSE) {
status = SILC_SKE_STATUS_UNKNOWN_PKCS;
goto err;
}
- if (silc_cipher_alloc(start_payload->enc_alg_list,
+ if (silc_cipher_alloc(ske->start_payload->enc_alg_list,
&prop->cipher) == FALSE) {
status = SILC_SKE_STATUS_UNKNOWN_CIPHER;
goto err;
}
- if (silc_hash_alloc(start_payload->hash_alg_list,
+ if (silc_hash_alloc(ske->start_payload->hash_alg_list,
&prop->hash) == FALSE) {
status = SILC_SKE_STATUS_UNKNOWN_HASH_FUNCTION;
goto err;
}
- if (silc_hmac_alloc(start_payload->hmac_alg_list, NULL,
+ if (silc_hmac_alloc(ske->start_payload->hmac_alg_list, NULL,
&prop->hmac) == FALSE) {
status = SILC_SKE_STATUS_UNKNOWN_HMAC;
goto err;
}
/* Encode the payload */
- status = silc_ske_payload_start_encode(ske, start_payload, &payload_buf);
+ status = silc_ske_payload_start_encode(ske, ske->start_payload,
+ &payload_buf);
if (status != SILC_SKE_STATUS_OK)
goto err;
ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL) {
SilcPublicKey public_key = NULL;
unsigned char hash[32];
- uint32 hash_len;
+ SilcUInt32 hash_len;
/* Decode the public key */
if (!silc_pkcs_public_key_decode(recv_payload->pk_data,
and computes f = g ^ x mod p. This then puts the result f to a Key
Exchange Payload.
- The `callback' will be called to indicate that the caller may
+ The `proto_continue' will be called to indicate that the caller may
continue with the SKE protocol. The caller must not continue
before the SKE libary has called that callback. If this function
returns an error the callback will not be called. It is called
SilcBuffer payload_buf;
SilcMPInt *KEY;
unsigned char hash[32], sign[1024], *pk;
- uint32 hash_len, sign_len, pk_len;
+ SilcUInt32 hash_len, sign_len, pk_len;
SILC_LOG_DEBUG(("Start"));
packet = silc_buffer_alloc(4);
silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
silc_buffer_format(packet,
- SILC_STR_UI_INT((uint32)SILC_SKE_STATUS_OK),
+ SILC_STR_UI_INT((SilcUInt32)SILC_SKE_STATUS_OK),
SILC_STR_END);
if (ske->callbacks->send_packet)
packet = silc_buffer_alloc(4);
silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
silc_buffer_format(packet,
- SILC_STR_UI_INT((uint32)status),
+ SILC_STR_UI_INT((SilcUInt32)status),
SILC_STR_END);
if (ske->callbacks->send_packet)
SilcSKEStatus
silc_ske_assemble_security_properties(SilcSKE ske,
- unsigned char flags,
- char *version,
+ SilcSKESecurityPropertyFlag flags,
+ const char *version,
SilcSKEStartPayload **return_payload)
{
SilcSKEStartPayload *rp;
rp = silc_calloc(1, sizeof(*rp));
/* Set flags */
- rp->flags = flags;
+ rp->flags = (unsigned char)flags;
/* Set random cookie */
rp->cookie = silc_calloc(SILC_SKE_COOKIE_LEN, sizeof(*rp->cookie));
SilcSKEStatus
silc_ske_select_security_properties(SilcSKE ske,
- char *version,
+ const char *version,
SilcSKEStartPayload *payload,
SilcSKEStartPayload *remote_payload)
{
/* Creates random number such that 1 < rnd < n and at most length
of len bits. The rnd sent as argument must be initialized. */
-SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcMPInt *n,
- uint32 len,
- SilcMPInt *rnd)
+static SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcMPInt *n,
+ SilcUInt32 len,
+ SilcMPInt *rnd)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
unsigned char *string;
hash value defined in the protocol. If it is FALSE then this is used
to create the HASH value defined by the protocol. */
-SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
- unsigned char *return_hash,
- uint32 *return_hash_len,
- int initiator)
+static SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
+ unsigned char *return_hash,
+ SilcUInt32 *return_hash_len,
+ int initiator)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcBuffer buf;
unsigned char *e, *f, *KEY;
- uint32 e_len, f_len, KEY_len;
+ SilcUInt32 e_len, f_len, KEY_len;
int ret;
SILC_LOG_DEBUG(("Start"));
SilcSKEStatus
silc_ske_process_key_material_data(unsigned char *data,
- uint32 data_len,
- uint32 req_iv_len,
- uint32 req_enc_key_len,
- uint32 req_hmac_key_len,
+ SilcUInt32 data_len,
+ SilcUInt32 req_iv_len,
+ SilcUInt32 req_enc_key_len,
+ SilcUInt32 req_hmac_key_len,
SilcHash hash,
SilcSKEKeyMaterial *key)
{
SilcBuffer buf;
unsigned char hashd[32];
- uint32 hash_len = req_hmac_key_len;
- uint32 enc_key_len = req_enc_key_len / 8;
+ SilcUInt32 hash_len = req_hmac_key_len;
+ SilcUInt32 enc_key_len = req_enc_key_len / 8;
SILC_LOG_DEBUG(("Start"));
the actual keys to be used in the SILC. */
SilcSKEStatus silc_ske_process_key_material(SilcSKE ske,
- uint32 req_iv_len,
- uint32 req_enc_key_len,
- uint32 req_hmac_key_len,
+ SilcUInt32 req_iv_len,
+ SilcUInt32 req_enc_key_len,
+ SilcUInt32 req_hmac_key_len,
SilcSKEKeyMaterial *key)
{
SilcSKEStatus status;
SilcBuffer buf;
unsigned char *tmpbuf;
- uint32 klen;
+ SilcUInt32 klen;
/* Encode KEY to binary data */
tmpbuf = silc_mp_mp2bin(ske->KEY, 0, &klen);
projects / silc.git / blobdiff